Date: Tue, 9 Jul 2002 12:26:54 +0400 From: Volzhan <s_volzhan@mail.ru> To: freebsd-questions@FreeBSD.ORG Cc: jdp@freebsd.org Subject: VPN pptp-client problem... Message-ID: <38561802.20020709122654@mail.ru>
index | next in thread | raw e-mail
Hi all!
I have such a problem with VPN-client based on pptpclient:
Our server based on Linux Red Hat has DHCP service for LAN.
After installing the FreeBSD on PC, I receive IP - 192.168.234.12.
to go away from .234.0 subnet, to receive real inet IP, and to go
throw our gateway I must autorize on VPN server, IP - 192.168.234.1.
It has Chap encription Version 2. So I install pptpclient-1.0.3
from package, configure ppp.conf, and create file ppp.secret.
But when I'm trying to start autorization on VPN server, I
receive rejection of access. My netadmin can't help me, because he
doesn`t know FreeBSD, just Linux and M$.
FreeBSD is setting at my ad0s3 slice, but at ad0s1 I've M$ win98 with LAN
VPN support. And I have no any problem with inet in M$.
Here are my configurations:
uname -a>
FreeBSD sv 4.5-RELEASE FreeBSD 4.5-RELEASE #0: Mon Jan 28 14:31:56 GMT 2002
kernel>
I didn't recompile kernel, so it has next content:
# $FreeBSD: src/sys/i386/conf/GENERIC,v 1.246.2.38 2002/01/25 17:41:40 murray Exp $
machine i386
cpu I386_CPU
cpu I486_CPU
cpu I586_CPU
cpu I686_CPU
ident GENERIC
maxusers 0
#makeoptions DEBUG=-g #Build kernel with gdb(1) debug symbols
options MATH_EMULATE #Support for x87 emulation
options INET #InterNETworking
options INET6 #IPv6 communications protocols
options FFS #Berkeley Fast Filesystem
options FFS_ROOT #FFS usable as root device [keep this!]
options SOFTUPDATES #Enable FFS soft updates support
options UFS_DIRHASH #Improve performance on big directories
options MFS #Memory Filesystem
options MD_ROOT #MD is a potential root device
options NFS #Network Filesystem
options NFS_ROOT #NFS usable as root device, NFS required
options MSDOSFS #MSDOS Filesystem
options CD9660 #ISO 9660 Filesystem
options CD9660_ROOT #CD-ROM usable as root, CD9660 required
options PROCFS #Process filesystem
options COMPAT_43 #Compatible with BSD 4.3 [KEEP THIS!]
options SCSI_DELAY=15000 #Delay (in ms) before probing SCSI
options UCONSOLE #Allow users to grab the console
options USERCONFIG #boot -c editor
options VISUAL_USERCONFIG #visual boot -c editor
options KTRACE #ktrace(1) support
options SYSVSHM #SYSV-style shared memory
options SYSVMSG #SYSV-style message queues
options SYSVSEM #SYSV-style semaphores
options P1003_1B #Posix P1003_1B real-time extensions
options _KPOSIX_PRIORITY_SCHEDULING
options ICMP_BANDLIM #Rate limit bad replies
options KBD_INSTALL_CDEV # install a CDEV entry in /dev
# To make an SMP kernel, the next two are needed
#options SMP # Symmetric MultiProcessor Kernel
#options APIC_IO # Symmetric (APIC) I/O
device isa
device eisa
device pci
# Floppy drives
device fdc0 at isa? port IO_FD1 irq 6 drq 2
device fd0 at fdc0 drive 0
device fd1 at fdc0 drive 1
#
# If you have a Toshiba Libretto with its Y-E Data PCMCIA floppy,
# don't use the above line for fdc0 but the following one:
#device fdc0
# ATA and ATAPI devices
device ata0 at isa? port IO_WD1 irq 14
device ata1 at isa? port IO_WD2 irq 15
device ata
device atadisk # ATA disk drives
device atapicd # ATAPI CDROM drives
device atapifd # ATAPI floppy drives
device atapist # ATAPI tape drives
options ATA_STATIC_ID #Static device numbering
# SCSI Controllers
device ahb # EISA AHA1742 family
device ahc # AHA2940 and onboard AIC7xxx devices
device amd # AMD 53C974 (Tekram DC-390(T))
device isp # Qlogic family
device ncr # NCR/Symbios Logic
device sym # NCR/Symbios Logic (newer chipsets)
options SYM_SETUP_LP_PROBE_MAP=0x40
# Allow ncr to attach legacy NCR devices when
# both sym and ncr are configured
device adv0 at isa?
device adw
device bt0 at isa?
device aha0 at isa?
device aic0 at isa?
device ncv # NCR 53C500
device nsp # Workbit Ninja SCSI-3
device stg # TMC 18C30/18C50
# SCSI peripherals
device scbus # SCSI bus (required)
device da # Direct Access (disks)
device sa # Sequential Access (tape etc)
device cd # CD
device pass # Passthrough device (direct SCSI access)
# RAID controllers interfaced to the SCSI subsystem
device asr # DPT SmartRAID V, VI and Adaptec SCSI RAID
device dpt # DPT Smartcache - See LINT for options!
device mly # Mylex AcceleRAID/eXtremeRAID
# RAID controllers
device aac # Adaptec FSA RAID, Dell PERC2/PERC3
device ida # Compaq Smart RAID
device amr # AMI MegaRAID
device mlx # Mylex DAC960 family
device twe # 3ware Escalade
# atkbdc0 controls both the keyboard and the PS/2 mouse
device atkbdc0 at isa? port IO_KBD
device atkbd0 at atkbdc? irq 1 flags 0x1
device psm0 at atkbdc? irq 12
device vga0 at isa?
# splash screen/screen saver
pseudo-device splash
# syscons is the default console driver, resembling an SCO console
device sc0 at isa? flags 0x100
# Enable this and PCVT_FREEBSD for pcvt vt220 compatible console driver
#device vt0 at isa?
#options XSERVER # support for X server on a vt console
#options FAT_CURSOR # start with block cursor
# If you have a ThinkPAD, uncomment this along with the rest of the PCVT lines
#options PCVT_SCANSET=2 # IBM keyboards are non-std
# Floating point support - do not disable.
device npx0 at nexus? port IO_NPX irq 13
# Power management support (see LINT for more options)
device apm0 at nexus? disable flags 0x20 # Advanced Power Management
# PCCARD (PCMCIA) support
device card
device pcic0 at isa? irq 0 port 0x3e0 iomem 0xd0000
device pcic1 at isa? irq 0 port 0x3e2 iomem 0xd4000 disable
# Serial (COM) ports
device sio0 at isa? port IO_COM1 flags 0x10 irq 4
device sio1 at isa? port IO_COM2 irq 3
device sio2 at isa? disable port IO_COM3 irq 5
device sio3 at isa? disable port IO_COM4 irq 9
# Parallel port
device ppc0 at isa? irq 7
device ppbus # Parallel port bus (required)
device lpt # Printer
device plip # TCP/IP over parallel
device ppi # Parallel port interface device
#device vpo # Requires scbus and da
# PCI Ethernet NICs.
device de # DEC/Intel DC21x4x (``Tulip'')
device txp # 3Com 3cR990 (``Typhoon'')
device vx # 3Com 3c590, 3c595 (``Vortex'')
# PCI Ethernet NICs that use the common MII bus controller code.
# NOTE: Be sure to keep the 'device miibus' line in order to use these NICs!
device miibus # MII bus support
device dc # DEC/Intel 21143 and various workalikes
device fxp # Intel EtherExpress PRO/100B (82557, 82558)
device pcn # AMD Am79C97x PCI 10/100 NICs
device rl # RealTek 8129/8139
device sf # Adaptec AIC-6915 (``Starfire'')
device sis # Silicon Integrated Systems SiS 900/SiS 7016
device ste # Sundance ST201 (D-Link DFE-550TX)
device tl # Texas Instruments ThunderLAN
device tx # SMC EtherPower II (83c170 ``EPIC'')
device vr # VIA Rhine, Rhine II
device wb # Winbond W89C840F
device wx # Intel Gigabit Ethernet Card (``Wiseman'')
device xl # 3Com 3c90x (``Boomerang'', ``Cyclone'')
device bge # Broadcom BCM570x (``Tigon III'')
# ISA Ethernet NICs.
# 'device ed' requires 'device miibus'
device ed0 at isa? port 0x280 irq 10 iomem 0xd8000
device ex
device ep
device fe0 at isa? port 0x300
# Xircom Ethernet
device xe
# PRISM I IEEE 802.11b wireless NIC.
device awi
# WaveLAN/IEEE 802.11 wireless NICs. Note: the WaveLAN/IEEE really
# exists only as a PCMCIA device, so there is no ISA attachment needed
# and resources will always be dynamically assigned by the pccard code.
device wi
# Aironet 4500/4800 802.11 wireless NICs. Note: the declaration below will
# work for PCMCIA and PCI cards, as well as ISA cards set to ISA PnP
# mode (the factory default). If you set the switches on your ISA
# card for a manually chosen I/O address and IRQ, you must specify
# those parameters here.
device an
# The probe order of these is presently determined by i386/isa/isa_compat.c.
device ie0 at isa? port 0x300 irq 10 iomem 0xd0000
#device le0 at isa? port 0x300 irq 5 iomem 0xd0000
device lnc0 at isa? port 0x280 irq 10 drq 0
device cs0 at isa? port 0x300
device sn0 at isa? port 0x300 irq 10
# Pseudo devices - the number indicates how many units to allocate.
pseudo-device loop # Network loopback
pseudo-device ether # Ethernet support
pseudo-device sl 1 # Kernel SLIP
pseudo-device ppp 1 # Kernel PPP
pseudo-device tun # Packet tunnel.
pseudo-device pty # Pseudo-ttys (telnet etc)
pseudo-device md # Memory "disks"
pseudo-device gif # IPv6 and IPv4 tunneling
pseudo-device faith 1 # IPv6-to-IPv4 relaying (translation)
# The `bpf' pseudo-device enables the Berkeley Packet Filter.
# Be aware of the administrative consequences of enabling this!
pseudo-device bpf #Berkeley packet filter
# USB support
device uhci # UHCI PCI->USB interface
device ohci # OHCI PCI->USB interface
device usb # USB Bus (required)
device ugen # Generic
device uhid # "Human Interface Devices"
device ukbd # Keyboard
device ulpt # Printer
device umass # Disks/Mass storage - Requires scbus and da
device ums # Mouse
device uscanner # Scanners
device urio # Diamond Rio MP3 Player
# USB Ethernet, requires mii
device aue # ADMtek USB ethernet
device cue # CATC USB ethernet
device kue # Kawasaki LSI USB ethernet
ifconfig >
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet6 fe80::2d0:4cff:fe39:19b%rl0 prefixlen 64 scopeid 0x1
inet 192.168.234.12 netmask 0xffffff00 broadcast 192.168.234.255
ether 00:d0:4c:39:01:9b
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
lp0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
inet 127.0.0.1 netmask 0xff000000
ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 552
faith0: flags=8002<BROADCAST,MULTICAST> mtu 1500
tun0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
inet6 fe80::2d0:4cff:fe39:19b%tun0 prefixlen 64 scopeid 0x7
ppp.conf>
VPN:
enable chap
# enable MSCHAPv2 - I tried with these strings, but it doesn't works.
# disable deflate pred1
# deny deflate pred1
# accept MSCHAPv2
set authname Authname
set authkey Authkey
set timeout 0
set ifaddr 0 0
add 192.168.12.0/24 HISADDR
alias enable yes
ppp-secret>
#Authname Authkey
XXXX YYYY
ppp.log>
Jul 8 13:19:27 sv ppp[329]: Phase: Using interface: tun0
Jul 8 13:19:27 sv ppp[329]: Phase: deflink: Created in closed state
Jul 8 13:19:27 sv ppp[329]: Warning: Usage: add dest mask gateway
Jul 8 13:19:27 sv ppp[329]: Warning: The alias command is deprecated
Jul 8 13:19:27 sv ppp[329]: Phase: PPP Started (direct mode).
Jul 8 13:19:28 sv ppp[329]: Phase: bundle: Establish
Jul 8 13:19:28 sv ppp[329]: Phase: deflink: closed -> opening
Jul 8 13:19:28 sv ppp[329]: Phase: deflink: Connected!
Jul 8 13:19:28 sv ppp[329]: Phase: deflink: opening -> carrier
Jul 8 13:19:29 sv ppp[329]: Phase: deflink: carrier -> lcp
Jul 8 13:19:33 sv ppp[329]: Phase: deflink: Too many LCP REQs sent - abandoning negotiation
Jul 8 13:19:33 sv ppp[329]: Phase: deflink: Disconnected!
Jul 8 13:19:33 sv ppp[329]: Phase: deflink: Connect time: 5 secs: 413 octets in, 844 octets out
Jul 8 13:19:33 sv ppp[329]: Phase: deflink: : 16 packets in, 17 packets out
Jul 8 13:19:33 sv ppp[329]: Phase: total 251 bytes/sec, peak 23 bytes/sec on Mon Jul 8 13:19:33 2002
Jul 8 13:19:33 sv ppp[329]: Phase: deflink: lcp -> closed
Jul 8 13:19:33 sv ppp[329]: Phase: bundle: Dead
Jul 8 13:19:33 sv ppp[329]: Phase: PPP Terminated (normal).
command line>
/usr/local/sbin/pptp 192.168.234.1 VPN
If you can, please Help me!
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?38561802.20020709122654>